Major companies will now need to declare cyberattacks to the CISA immediately

By Sead Fadilpašić
published

US is continuing to tighten up on its cybersecurity rules

A finger pressing a padlock icon
(Image credit: Shutterstock)

American critical infrastructure organizations will soon be forced to report cybersecurity incidents within 72 hours, and any ransomware payments within 24 hours, following a new bipartisan bill that had just passed the US Senate.

The The Strengthening American Cybersecurity Act was introduced by Senators Rob Portman and Gary Peters, ranking member and chairman of the Senate Homeland Security and Governmental Affairs Committee. 

It is based on multiple older acts, including the Cyber Incident Reporting Act, the Federal Information Security Modernization Act of 2021, and the Federal Secure Cloud Improvement and Jobs Act.

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.

>> Click here to start the survey in a new window (opens in new tab) <<

Russians attack fears

The goal of the new law, the two senators have stated, is to strengthen the American cybersecurity posture, in anticipation of Russian malware (opens in new tab) and ransomware attacks. The US has sided with Ukraine as the latter suffers the Russian invasion, sending military aid and imposing devastating sanctions on the Russian government, tycoons and oligarchs. 

“As our nation continues to support Ukraine, we must ready ourselves for retaliatory cyber-attacks from the Russian government... This landmark legislation, which has now passed the Senate, is a significant step forward to ensuring the United States can fight back against cybercriminals and foreign adversaries who launch these persistent attacks," Peters said. 

"Our landmark, bipartisan bill will ensure CISA is the lead government agency responsible for helping critical infrastructure operators and civilian federal agencies respond to and recover from major network breaches and mitigate operational impacts from hacks. I will continue urging my colleagues in the House to pass this urgently needed legislation to improve public and private cybersecurity as new vulnerabilities are discovered, and ensure that the federal government can safety and securely utilize cloud-based technology to save taxpayer dollars."

Read more

> US government wants to learn more from recent major hacks (opens in new tab)

> The NSA is getting a lot more cybersecurity power (opens in new tab)

> US government teams up with tech giants to tackle the next big cyberattack (opens in new tab)

Elsewhere in the act, the Federal Risk and Authorization Management Program (FedRAMP) has gotten the green light to help federal agencies “quickly and securely adopt cloud-based technologies that improve government operations and efficiency." 

US government organizations should now be better at coordinating and managing cyberattacks and other virus (opens in new tab) attacks against its endpoints (opens in new tab), it was concluded. However, for the law to be enforced, it first needs to be signed by the US President, Joe Biden, and to do that, it first needs to pass the House.

  • Check out our rundown of the best firewalls (opens in new tab) right now

Via: ZDNet (opens in new tab)

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

See more Computing news